remill-tester is a Remill instruction-semantics test harness for x86-64.
It consumes raw corpus files generated by x86Tester, decodes each instruction with XED, lifts it with Remill, JIT-executes the lifted instruction, and compares the resulting sparse state against the hardware oracle.
The goal is to make Remill semantic regressions visible while keeping unsupported coverage gaps separate from real mismatches. The tester currently handles scalar/vector registers, user-visible RFLAGS masking using XED undefined-flag metadata, normalized memory cells, expected exception paths, and selected system/x87 cases.
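The comparison step described above, sketched as an added example (not remill-tester's own code): flags that are undefined for an instruction are masked out before comparing against the oracle, and an instruction that could not be lifted is reported as a coverage gap rather than a mismatch. `SparseState`, `Result`, `Compare` and the constructed XOR case are hypothetical; the undefined-flag mask is passed in directly instead of being read from XED.

```cpp
#include <cstdint>
#include <map>
#include <string>
#include <vector>

// User-visible RFLAGS bits: CF=0, PF=2, AF=4, ZF=6, SF=7, DF=10, OF=11.
constexpr uint64_t kCF = 1ull << 0, kPF = 1ull << 2, kAF = 1ull << 4,
                   kZF = 1ull << 6, kSF = 1ull << 7, kDF = 1ull << 10,
                   kOF = 1ull << 11;
constexpr uint64_t kUserFlags = kCF | kPF | kAF | kZF | kSF | kDF | kOF;

enum class Verdict { Pass, Mismatch, Unsupported };

// Hypothetical sparse state: only the registers one test case records.
struct SparseState {
  std::map<std::string, uint64_t> regs;
  uint64_t rflags = 0;
};

struct Result {
  Verdict verdict;
  std::vector<std::string> diffs;  // names of fields that differ
};

// Compare the lifted-execution state against the hardware oracle.
// undefined_flags: flags the ISA leaves undefined for this instruction
// (assumed to come from decoder metadata); they are excluded from the check.
// lifted == false models an instruction the lifter could not translate.
Result Compare(const SparseState &oracle, const SparseState &actual,
               uint64_t undefined_flags, bool lifted) {
  if (!lifted) return {Verdict::Unsupported, {}};
  Result r{Verdict::Pass, {}};
  for (const auto &kv : oracle.regs) {
    auto it = actual.regs.find(kv.first);
    if (it == actual.regs.end() || it->second != kv.second)
      r.diffs.push_back(kv.first);
  }
  const uint64_t mask = kUserFlags & ~undefined_flags;
  if ((oracle.rflags ^ actual.rflags) & mask) r.diffs.push_back("rflags");
  if (!r.diffs.empty()) r.verdict = Verdict::Mismatch;
  return r;
}

int main() {  // constructed case: xor eax, eax (AF is undefined after XOR)
  SparseState hw, jit;
  hw.regs["rax"] = jit.regs["rax"] = 0;
  hw.rflags = kZF | kPF | kAF; jit.rflags = kZF | kPF;
  return Compare(hw, jit, kAF, true).verdict == Verdict::Pass ? 0 : 1;
}
```

Passing `0` as the mask for the same pair of states reports `rflags` as a mismatch, which is the false positive the undefined-flag masking removes.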
- 3975WX/ — x86Tester corpus data used for local sweeps.
- tests/smoke_3975wx.txt — small curated smoke corpus for CI; intended to run in under 30 seconds.
- src/ — parser, XED metadata, Remill LLJIT backend, state bridge, memory model, and comparator.
- dependencies/remill/ — Remill submodule under test.
- TESTED.md — concrete passing full-file runs.
- failures.md — known semantic failures, unsupported areas, and skip-bucket evidence.
- PLAN.md — implementation plan and design notes.

Initialize submodules and build the dependency prefix:
git submodule update --init --recursive
cmake -G Ninja -S dependencies -B dependencies/build \
-DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \
-DCMAKE_BUILD_TYPE=RelWithDebInfo
cmake --build dependencies/build

Build the tester and run the fast smoke tests:
cmake -G Ninja -B build -DCMAKE_BUILD_TYPE=RelWithDebInfo \
-DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++
cmake --build build
ctest --test-dir build --output-on-failure --timeout 30

Run a corpus file manually:
./build/remill-tester 3975WX/xor.txt --execute --stop-on-first-fail

For large corpus sweeps, prefer a Release build:
cmake -G Ninja -B build-release -DCMAKE_BUILD_TYPE=Release
cmake --build build-release --target remill-tester -j4
./build-release/remill-tester --self-test